cyber attack-probe

cyber attack-probe

SEOUL, March 22 (Yonhap) -- Some of the malicious code that paralyzed network systems at South Korean banks and TV broadcasters originated from a local computer, Seoul's communications watchdog said Friday.

Local TV broadcasters KBS, MBC and YTN along with Shinhan, NongHyup and Jeju banks suffered a massive network failure on Wednesday that halted financial services and crippled operations.

In a press release, the Korea Communications Commission (KCC) said it had mistaken a private Internet Protocol (IP) address used by NongHyup as an IP address allocated to China. The International Corporation for Assigned Names and Numbers (ICANN) allocates official IP address ranges by country.

The announcement comes a day after the KCC said a Chinese IP address (101.106.25.105) accessed NongHyup's update management server and generated malicious files, fueling speculations over North Korea's involvement.

The watchdog said the National Police Agency has confiscated the hard disk of the suspected computer for a further investigation but did not elaborate on the attacker.

The KCC also said it is in the process of a "multilateral" probe to track down "all possible infiltration routes."

A spokesman at NongHyup said the bank is looking into the issue without further details.

Meanwhile, the KCC said Shinhan Bank and Jeju Bank have completely recovered their networks, while NongHyup is still in the process of normalizing its system.

The three affected TV broadcasters -- KBS, MBC and YTN -- said they have made significant progress in their recovery work and that their networks could be normalized by as early as next Monday.

Officials at those stations said dozens of workers will work on hacked computers throughout the weekend, but said varying degrees of damage could delay full recovery.

Earlier Friday, the KCC said the three stations have on average recovered roughly 10 percent of their affected systems, adding that no further damage had been detected.

The KCC's earlier announcement on the China link has fueled suspicions that Pyongyang masterminded the cyber attack amid heightening tension between the two Koreas.

South Korea has accused North Korea of carrying out a series of cyber attacks on the Web sites of government agencies and financial institutions over the past few years, though the North has denied the allegations.

In June 2012, the JoongAng Ilbo, one of the country's major conservative media outlets, came under a cyber attack that crippled its server and Web site. The National Police Agency later determined that North Korea was responsible for the attack.

NongHyup's computer network also crashed in September 2010 apparently from an attack by the North, according to prosecutors and the police.